Svchost.exe PID896 - proszę o sprawdzenie loga


(Adi Superstar) #1

Witam.

Mam problem takiego typu. Po uruchomieniu systemu "svchost.exe PID896" wrzuca mi procesor na najwyższe obroty (100%) przez około 2 minuty.

Poza tym powoduje chyba problem z zamknięciem jak i otworzeniem systemu. Po ponownym resecie dopiero wskakuje. Podejrzewam, że to robal. Posiadam Nortona 2009 ale nie wykrywa tego dziadostwa. Proszę o sprawdzenie mojego loga Combofix.

ComboFix 09-02-15.01 - Adi 2009-02-16 18:37:13.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.767.378 [GMT 1:00]

Uruchomiony z: e:\documents and settings\Adi\Pulpit\ComboFix.exe

AV: Norton Internet Security *On-access scanning disabled* (Updated)

FW: Norton Internet Security *enabled*

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-16 do 2009-02-16 )))))))))))))))))))))))))))))))

.

2009-02-16 18:14 . 2009-02-16 18:14

2009-02-16 17:42 . 2009-02-16 17:42

2009-02-16 17:42 . 2009-02-16 17:41 35,888 -ra------ e:\windows\system32\drivers\SymIM.sys

2009-02-16 17:41 . 2009-02-16 17:41

2009-02-16 17:41 . 2009-02-16 17:41

2009-02-16 17:41 . 2009-02-16 17:41

2009-02-16 17:41 . 2009-02-16 17:41

2009-02-16 17:41 . 2009-02-16 17:41

2009-02-16 17:41 . 2009-02-16 17:41 124,464 --a------ e:\windows\system32\drivers\SYMEVENT.SYS

2009-02-16 17:41 . 2009-02-16 17:41 60,808 --a------ e:\windows\system32\S32EVNT1.DLL

2009-02-16 17:41 . 2009-02-16 17:41 10,635 --a------ e:\windows\system32\drivers\SYMEVENT.CAT

2009-02-16 17:41 . 2009-02-16 17:41 806 --a------ e:\windows\system32\drivers\SYMEVENT.INF

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:36 . 2009-02-16 16:36

2009-02-16 16:35 . 2009-02-16 16:35

2009-02-15 19:42 . 2008-10-16 14:06 268,648 --a------ e:\windows\system32\mucltui.dll

2009-02-15 19:42 . 2008-10-16 14:06 27,496 --a------ e:\windows\system32\mucltui.dll.mui

2009-02-15 19:34 . 2009-02-16 16:33

2009-02-15 19:13 . 2009-02-16 16:33

2009-02-15 09:12 . 2009-02-15 09:12 57,344 --a------ e:\windows\system32\RO757F.tmp

2009-02-15 09:05 . 2009-02-16 16:33

2009-02-14 16:41 . 2008-08-14 14:46 2,181,632 -----c--- e:\windows\system32\dllcache\ntoskrnl.exe

2009-02-14 16:41 . 2008-08-14 14:46 2,137,600 -----c--- e:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-14 16:41 . 2008-08-14 14:46 2,059,008 -----c--- e:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-14 16:41 . 2008-08-14 14:46 2,017,280 -----c--- e:\windows\system32\dllcache\ntkrpamp.exe

2009-02-11 17:31 . 2009-02-16 16:34

2009-02-11 17:24 . 2009-02-16 18:39

2009-02-11 17:24 . 2009-02-16 18:39

2009-02-11 17:24 . 2009-02-16 16:36

2009-02-11 17:24 . 2009-02-16 16:36

2009-02-11 17:24 . 2009-02-16 16:34

2009-02-11 17:24 . 2009-02-16 16:34

2009-02-11 17:24 . 2009-02-16 16:34

2009-02-11 17:24 . 2009-02-16 16:34

2009-02-11 17:24 . 2009-02-16 16:36

2009-02-09 15:59 . 2009-02-09 15:59

2009-02-06 16:59 . 2009-02-06 16:59

2009-02-06 16:59 . 2009-02-16 16:34

2009-02-06 12:57 . 2009-02-06 12:57

2009-02-06 12:57 . 2009-02-06 12:57

2009-02-06 12:43 . 2009-02-16 16:35

2009-02-06 10:29 . 2008-06-14 19:01 273,024 --------- e:\windows\system32\drivers\bthport.sys

2009-02-06 10:29 . 2008-06-14 19:01 273,024 -----c--- e:\windows\system32\dllcache\bthport.sys

2009-02-04 18:32 . 2008-10-24 12:10 453,632 -----c--- e:\windows\system32\dllcache\mrxsmb.sys

2009-02-04 16:22 . 2009-02-15 10:14

2009-02-04 16:06 . 2009-02-06 12:46

2009-02-04 16:05 . 2009-02-16 16:35

2009-02-04 16:05 . 2008-10-13 13:55 26,144 --a------ e:\windows\system32\spupdsvc.exe

2009-02-04 15:50 . 2009-02-04 15:50

2009-02-04 15:46 . 2009-02-04 15:46

2009-02-04 15:45 . 2009-02-04 15:48

2009-02-04 15:40 . 2009-02-04 20:58

2009-02-04 15:32 . 2009-02-04 15:32

2009-02-04 14:35 . 2009-02-04 14:35

2009-02-04 13:51 . 2009-02-04 13:51

2009-02-04 13:51 . 2009-02-16 16:08

2009-02-04 13:41 . 2009-02-04 13:41

2009-02-03 20:35 . 2009-02-03 20:35

2009-02-03 20:35 . 2004-08-04 00:44 91,136 --a------ e:\windows\system32\kswdmcap.ax

2009-02-03 20:35 . 2004-08-04 00:44 91,136 --a--c--- e:\windows\system32\dllcache\kswdmcap.ax

2009-02-03 20:35 . 2004-08-04 00:44 61,952 --a------ e:\windows\system32\kstvtune.ax

2009-02-03 20:35 . 2004-08-04 00:44 61,952 --a--c--- e:\windows\system32\dllcache\kstvtune.ax

2009-02-03 20:35 . 2004-08-04 00:44 54,784 --a------ e:\windows\system32\vfwwdm32.dll

2009-02-03 20:35 . 2004-08-04 00:44 54,784 --a--c--- e:\windows\system32\dllcache\vfwwdm32.dll

2009-02-03 20:35 . 2004-08-04 00:44 43,008 --a------ e:\windows\system32\ksxbar.ax

2009-02-03 20:35 . 2004-08-04 00:44 43,008 --a--c--- e:\windows\system32\dllcache\ksxbar.ax

2009-02-03 20:35 . 2004-08-04 00:44 28,672 --a------ e:\windows\system32\vidcap.ax

2009-02-03 20:35 . 2004-08-04 00:44 28,672 --a--c--- e:\windows\system32\dllcache\vidcap.ax

2009-02-03 20:28 . 2009-02-03 20:28

2009-02-03 20:28 . 2009-02-07 14:42

2009-02-03 20:15 . 2009-02-15 12:09 69 --a------ e:\windows\NeroDigital.ini

2009-02-03 20:07 . 2009-02-03 20:07

2009-02-03 20:07 . 2004-08-03 23:08 26,496 --a--c--- e:\windows\system32\dllcache\usbstor.sys

2009-02-03 20:06 . 2009-02-03 20:15

2009-02-03 20:05 . 2009-02-16 18:00 1,444 --a------ e:\windows\unins000.dat

2009-02-03 20:02 . 2009-02-04 14:59

2009-02-03 20:02 . 2009-02-14 22:36 2,169 --a------ e:\windows\wincmd.ini

2009-02-03 20:02 . 2007-09-14 07:02 545 --a------ e:\windows\UC.PIF

2009-02-03 20:02 . 2007-09-14 07:02 545 --a------ e:\windows\RAR.PIF

2009-02-03 20:02 . 2007-09-14 07:02 545 --a------ e:\windows\PKZIP.PIF

2009-02-03 20:02 . 2007-09-14 07:02 545 --a------ e:\windows\PKUNZIP.PIF

2009-02-03 20:02 . 2007-09-14 07:02 545 --a------ e:\windows\NOCLOSE.PIF

2009-02-03 20:02 . 2007-09-14 07:02 545 --a------ e:\windows\LHA.PIF

2009-02-03 20:02 . 2007-09-14 07:02 545 --a------ e:\windows\ARJ.PIF

2009-02-03 19:47 . 2009-02-12 18:17

2009-02-03 19:46 . 2009-02-03 19:46

2009-02-03 19:40 . 2009-02-03 19:40

2009-02-03 19:40 . 2009-02-03 19:45

2009-02-03 19:40 . 2009-02-03 19:40

2009-02-03 19:36 . 2009-02-03 19:36

2009-02-03 19:29 . 2009-02-03 19:30

2009-02-03 19:27 . 2004-08-03 23:10 19,328 --a------ e:\windows\system32\drivers\WSTCODEC.SYS

2009-02-03 19:27 . 2004-08-03 23:10 19,328 --a--c--- e:\windows\system32\dllcache\wstcodec.sys

2009-02-03 19:27 . 2004-08-04 00:44 16,384 --a------ e:\windows\system32\ipsink.ax

2009-02-03 19:27 . 2004-08-04 00:44 16,384 --a--c--- e:\windows\system32\dllcache\ipsink.ax

2009-02-03 19:27 . 2004-08-03 23:10 15,360 --a------ e:\windows\system32\drivers\StreamIP.sys

2009-02-03 19:27 . 2004-08-03 23:10 15,360 --a--c--- e:\windows\system32\dllcache\streamip.sys

2009-02-03 19:27 . 2004-08-03 23:10 11,136 --a------ e:\windows\system32\drivers\SLIP.sys

2009-02-03 19:27 . 2004-08-03 23:10 11,136 --a--c--- e:\windows\system32\dllcache\slip.sys

2009-02-03 19:27 . 2004-08-03 23:10 10,880 --a------ e:\windows\system32\drivers\NdisIP.sys

2009-02-03 19:27 . 2004-08-03 23:10 10,880 --a--c--- e:\windows\system32\dllcache\ndisip.sys

2009-02-03 19:27 . 2004-08-03 22:58 5,504 --a------ e:\windows\system32\drivers\MSTEE.sys

2009-02-03 19:27 . 2004-08-03 22:58 5,504 --a--c--- e:\windows\system32\dllcache\mstee.sys

2009-02-03 19:26 . 2009-02-03 19:26

2009-02-03 19:26 . 2004-08-04 00:44 91,136 --a------ e:\windows\system32\drivers\kswdmcap.ax

2009-02-03 19:26 . 2004-08-03 23:10 85,376 --a------ e:\windows\system32\drivers\NABTSFEC.sys

2009-02-03 19:26 . 2004-08-03 23:10 85,376 --a--c--- e:\windows\system32\dllcache\nabtsfec.sys

2009-02-03 19:26 . 2004-08-04 00:44 61,952 --a------ e:\windows\system32\drivers\kstvtune.ax

2009-02-03 19:26 . 2004-08-04 00:44 54,784 --a------ e:\windows\system32\drivers\vfwwdm32.dll

2009-02-03 19:26 . 2004-08-04 00:44 43,008 --a------ e:\windows\system32\drivers\ksxbar.ax

2009-02-03 19:26 . 2004-08-04 00:44 28,672 --a------ e:\windows\system32\drivers\vidcap.ax

2009-02-03 19:26 . 2004-08-03 23:10 17,024 --a------ e:\windows\system32\drivers\CCDECODE.sys

2009-02-03 19:26 . 2004-08-03 23:10 17,024 --a--c--- e:\windows\system32\dllcache\ccdecode.sys

2009-02-03 19:11 . 2009-02-04 13:59

2009-02-03 19:10 . 2009-02-16 17:44

2009-02-03 19:07 . 2009-02-03 19:07

2009-02-03 19:05 . 2009-02-03 19:05

2009-02-03 19:05 . 2009-02-03 19:05

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-16 15:33 --------- d-----w e:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-02-03 17:51 --------- d-----w e:\program files\DAEMON Tools Lite

2009-02-03 17:38 --------- d--h--w e:\program files\InstallShield Installation Information

2009-02-03 17:37 --------- d-----w e:\program files\Common Files\InstallShield

2009-02-03 17:35 --------- d-----w e:\documents and settings\All Users\Dane aplikacji\UDL

2009-02-03 17:34 --------- d-----w e:\program files\epson

2009-02-03 17:32 --------- d-----w e:\documents and settings\Adi\Dane aplikacji\InstallShield

2009-02-03 17:31 --------- d-----w e:\documents and settings\All Users\Dane aplikacji\EPSON

2009-02-03 17:27 --------- d-----w e:\program files\MSBuild

2009-02-03 17:27 --------- d-----w e:\program files\Microsoft Works

2009-02-03 17:26 --------- d-----w e:\program files\Microsoft.NET

2009-02-03 17:22 --------- d-----w e:\documents and settings\Adi\Dane aplikacji\DAEMON Tools

2009-02-03 17:19 715,248 ----a-w e:\windows\system32\drivers\sptd.sys

2009-02-03 17:06 64,419 ----a-w e:\windows\BricoPackUninst.cmd

2009-02-03 17:06 6,110 ----a-w e:\windows\BricoPackFoldersDelete.cmd

2009-02-03 17:06 219,648 ----a-w e:\windows\system32\uxtheme.dll

2009-02-03 17:03 --------- d-----w e:\documents and settings\Adi\Dane aplikacji\ATI

2009-02-03 17:02 --------- d-----w e:\program files\ATI Technologies

2009-02-03 16:34 --------- d-----w e:\program files\microsoft frontpage

2009-02-03 16:32 --------- d-----w e:\program files\Usługi online

2009-01-15 01:05 911,872 ----a-w e:\windows\system32\wininet.dll

2009-01-15 01:05 43,008 ----a-w e:\windows\system32\licmgr10.dll

2009-01-15 01:04 18,944 ----a-w e:\windows\system32\corpol.dll

2009-01-15 01:03 72,704 ----a-w e:\windows\system32\admparse.dll

2009-01-15 01:03 71,680 ----a-w e:\windows\system32\iesetup.dll

2009-01-15 01:03 420,352 ----a-w e:\windows\system32\vbscript.dll

2009-01-15 01:01 34,304 ----a-w e:\windows\system32\imgutil.dll

2009-01-15 01:00 48,128 ----a-w e:\windows\system32\mshtmler.dll

2009-01-15 01:00 45,568 ----a-w e:\windows\system32\mshta.exe

2009-01-15 00:50 156,160 ----a-w e:\windows\system32\msls31.dll

2007-11-06 15:27 969 ----a-w e:\program files\SPreg.cmd

2007-11-05 12:06 9,728 ----a-w e:\program files\SPBlockingTool.exe

2005-05-19 16:18 4,576 ----a-w e:\program files\NoSPupdate.adm

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "e:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-02-03 57344]

[HKEY_CLASSES_ROOT\clsid{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 12:58 333192 --a------ e:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "e:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="e:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

"EPSON Stylus DX4400 Series"="e:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]

"ccleaner"="e:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]

"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DefragTaskBar"="e:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 169312]

"Kalendarz XP"="e:\program files\Kalendarz XP\Kalendarz.exe" [2007-05-06 1194496]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

"ATICCC"="e:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-08-25 28672]

e:\documents and settings\Adi\Menu Start\Programy\Autostart\

RocketDock.lnk - e:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

e:\documents and settings\Adi\Menu Start\Programy\Autostart\AutorunsDisabled

TransBar.lnk - e:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

UberIcon.lnk - e:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

Y'z Shadow.lnk - e:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

e:\documents and settings\All Users\Menu Start\Programy\Autostart\

BlueSoleil.lnk - e:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-09-20 1200128]

e:\documents and settings\All Users\Menu Start\Programy\Autostart\AutorunsDisabled

ATI CATALYST System Tray.lnk - e:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-08-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"e:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"e:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"e:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"e:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;e:\windows\system32\drivers\si3112r.sys [2008-08-26 110128]

R0 SiWinAcc;SiWinAcc;e:\windows\system32\drivers\SiWinAcc.sys [2008-08-26 17328]

R0 SymEFA;Symantec Extended File Attributes;e:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [2009-02-16 309296]

R1 BHDrvx86;Symantec Heuristics Driver;e:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-02-16 254512]

R1 ccHP;Symantec Hash Provider;e:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-02-16 362544]

R1 IDSxpx86;IDSxpx86;e:\documents and settings\All Users\Dane aplikacji\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-16 274808]

R2 Norton Internet Security;Norton Internet Security;e:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-02-16 115560]

R3 CAM1210;USB video camera;e:\windows\system32\drivers\cam1210.sys [2007-02-14 92416]

S3 EraserUtilDrvI7;EraserUtilDrvI7;\??\e:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys -- e:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - BHDRVX86

*NewlyCreated* - CCHP

*NewlyCreated* - NAVENG

*NewlyCreated* - NAVEX15

*NewlyCreated* - NORTON_INTERNET_SECURITY

*NewlyCreated* - SRTSP

*NewlyCreated* - SRTSPX

*NewlyCreated* - SYMEVENT

*Deregistered* - EraserUtilDrv10822

*Deregistered* - SYMDNS

*Deregistered* - SYMFW

*Deregistered* - SYMIDS

*Deregistered* - SYMNDIS

*Deregistered* - SYMREDRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\startuj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"e:\windows\system32\rundll32.exe" "e:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'

2009-02-14 e:\windows\Tasks\Norton Internet Security - Adi - Pełne skanowanie systemu.job

  • e:\program files\Norton Internet Security\Engine\16.0.0.125\Navw32.exe [2009-02-16 17:41]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

IE: Eksportuj do programu Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-16 18:39:17

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

D:\uruchom.exe [2416] 0x8164E020

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"e:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"e:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • 'winlogon.exe'(556)

e:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-02-16 18:41:08

ComboFix-quarantined-files.txt 2009-02-16 17:41:06

Przed: 14 419 304 448 bajtów wolnych

Po: 14,421,377,024 bajtów wolnych

286 --- E O F --- 2009-02-15 19:21:38

Proszę o pomoc. A może problem tkwi gdzie indziej?